1. Home
  2. Docs
  3. Portal
  4. Threat Protection
  5. JSON Document Structure

JSON Document Structure

The Protect Against JSON Document Structure Threats assertion validates and enforces constraints on the structure of JSON documents. When an incoming JSON document structure exceeds a specified constraint, the Gateway rejects the JSON document and blocks further processing of the policy.

The following example JSON documents are referenced in the property descriptions below:

  • Example 1:  Single typed value document:”one simple value”
  • Example 2: Typical document:
{
   "msg":"Hello",
   "color":[0,0,255],
   "options":{
               "underline":false,
               "bold":true
             }
}

Configure the properties as follows:

  • Container Depth This is the most nested container within a JSON document. Example 1 above contains a string, which is the only type of document with a container depth of 0. Every open object or array increases the container depth by one. In Example 2, the “msg” entry has a container depth of 1, and the values in the “color” array have a depth of 2. Select this check box to reject any JSON document with a container depth that exceeds the value entered here. The container depth can be from 0 to 30. Default: 4
  • Object Entry Count This is the maximum number of entries (comma delimited string: value pairs) in a single object. Example 1 has a maximum object entry count of 0 (as it is a single typed value, it does not contain an object). Example 2 has a maximum entry count of 3 (the top-level entries: “msg”, “color”, “options”). Select this check box to reject any JSON document with an object entry count that exceeds the value entered here.
  • Array Entry  Count This is the maximum number of entries (comma-delimited values) in an array. The array in Example 2 has an entry count of 3. As with the object entry count, the count is done for each array, not all arrays in the document. Select this check box to reject any JSON document with an array entry count that exceeds the value entered here.
  • Entry Name Length This is the maximum number of characters in the name of an entry. A setting of 7 would be violated by the string “underline” (which contains 9 characters), but not by “msg”, “bold”, “color”, or “options”. Select this check box to reject any JSON document with a name length that exceeds the value entered here.
  • String Value Length This is the maximum number of characters in a string value. In Example, 2, the longest string value is 5 (“Hello”). Select this check box to reject any JSON document with a string value that exceeds the value entered here.
Was this article helpful to you? Yes No 1

How can we help?